VIP service will disable TLS 1.0 and 1.1 protocols on all VIP endpoints and APIs. After this change, only TLS 1.2 and TLS 1.3 protocols will be supported on VIP API URLs, including Enterprise Gateway and VIP Web Service API endpoints. TLS 1.2 will be supported on VIP Web portals.
Transport Layer Security (TLS) v1.0, 1.1, and 1.2 are security protocols for establishing encryption channels over computer networks. The VIP API URL endpoints currently support all 3 of these protocols. Due to evolving regulatory requirements, and as part of Broadcom's continuous effort to maximize the security of our platforms, TLS v1.0 and v1.1 will be disabled on all VIP URLs. TLS v1.2 will remain the only supported TLS version on the VIP Web Portals, and TLS v1.2 and 1.3 will be supported on the VIP API endpoints.
TLS 1.2 and 1.3 will be the supported protocols on the following VIP API endpoints:
TLS 1.2 will be the supported protocol on the following VIP Web URLs:
What do I need to do?
What Cipher Suites will be supported?
In preferred order:
How can I be notified of the VIP changes?
Receive notifications by subscribing to the Symantec VIP status page. Click Subscribe at the top of the page, select the delivery method, then select all sub-components under VIP. De-select other components if you don't want notifications from those products. (See: Signing up for VIP Service alerts)
Have additional questions?
If you have further questions or need technical support:
Contact your Broadcom Account Team.
Open a Symantec Technical Support Case: https://support.broadcom.com/security
Post questions to the VIP community discussion room.
TESTING TLS 1.2 CONNECTIVITY
To avoid a service interruption, perform connection tests from any VIP server within your environment prior to the change and take immediate action if TLS 1.0 or TLS 1.1 is used when connecting to VIP Services.
Use Wireshark (or another packet capturing tool) to determine what protocol is used when your application connects to VIP Services:
-- For https://services-auth.vip.symantec.com/, send traffic to https://ssl-test.services-auth.vip.symantec.com/
-- For https://userservices-auth.vip.symantec.com/, send traffic to https://ssl-test.userservices-auth.vip.symantec.com/
Additional testing of push/OTP:
You can check your push or OTP requests status from VIP Manager > Reports > VIP End User Transaction Report if its failing or getting success.